fkie_nvd - fkie_cve-2012-3331

fkie_cve-2012-3331

Vulnerability from fkie_nvd

Published

2018-02-08 23:29

Modified

2024-11-21 01:40

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21613895	Mitigation, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78048	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21613895	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78048	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	sametime	6.5.1.0
ibm	sametime	7.0.0.0
ibm	sametime	7.5.0.0
ibm	sametime	7.5.1.0
ibm	sametime	7.5.1.1
ibm	sametime	7.5.1.2
ibm	sametime	8.0.0.0
ibm	sametime	8.0.1.0
ibm	sametime	8.0.2.0
ibm	sametime	8.5.0.0
ibm	sametime	8.5.1.0
ibm	sametime	8.5.1.1
ibm	sametime	8.5.1.2
ibm	sametime	8.5.2.0
ibm	sametime	8.5.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sametime:6.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A77C1DC-C184-4B17-B93B-A91A9E321792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "526F15EB-7430-4A05-83DD-F947E04EF7A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF4B1DF-3FC8-4C41-B7F4-A309CB133971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3F544C-F009-46A1-8496-7326AA4DC8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8846AB-0F30-4CA9-BE19-B78321C31285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3777B0-23DA-4250-9A12-865D77F1F271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE27A8A-3655-41E5-9FAD-A9172300812E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C482E-EEA8-4BAD-93CF-558BF94E7484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08A1498-47E4-42A1-9563-F92485E70683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ACDB888-CB6C-41DD-B57E-65237A5A8EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3123052-F774-4929-932E-D6262581F3C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED661C82-9230-4501-BD87-26E68FD264C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A3B74D-CEFC-4D9F-BB3D-23717891100C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D106630-D04F-406F-A3BD-029777B8E8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048."
    },
    {
      "lang": "es",
      "value": "IBM Sametime permite que atacantes remotos obtengan informaci\u00f3n sensible de la base de datos de Sametime Log mediante una petici\u00f3n directa a STLOG.NSF. IBM X-Force ID: 78048."
    }
  ],
  "id": "CVE-2012-3331",
  "lastModified": "2024-11-21T01:40:39.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-08T23:29:00.467",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21613895"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21613895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78048"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-3331 (GCVE-0-2012-3331)

Vulnerability from cvelistv5

Published

2018-02-08 23:00